How to Find a File and Check If It Exists with Powershell or Netwrix Auditor

Native Auditing vs. Netwrix Auditor for Windows File Servers

Native Auditing Netwrix Auditor for Windows File Servers

Native Auditing

Netwrix Auditor for Windows File Servers

Steps

Open the PowerShell ISE → Create a new script using the following code. In the $filename variable, specify a string that might indicate the file contains sensitive data, and for $searchinfolder, specify the directory or folder to search in.

$filename = '*payroll*.*'#you can use wildcards here for name and for extension
$searchinfolder = '\\pdc\Shared\Accounting*'
Get-ChildItem -Path $searchinfolder -Filter $filename -Recurse | %{$_.FullName}

Run the script.
Review the results:

To check whether a file exists, run the following script, specifying the filename in the $checkpath string:

$checkpath = 'C:\Shared\Accounting\Payroll 2016-2017.xlsx'
Test-Path -Path $checkpath

To determine whether there are any files in C:\Shared\Accounting\ with the .xlsx extension, run following code on your computer:

Test-Path -Path "C:\Shared\Accounting\*" -Include *.xlsx

Note that you can use environment variables with the test-path statement. The example below shows how to detect if the $profile variable leads to a directory or a file:

Test-Path $profile -Pathtype Leaf

Run Netwrix Auditor → Navigate to "Reports" → Open "User Behavior and Blind Spot Analysis" → Go to "Information Disclosure" → Select "File Names Containing Sensitive Data" → Click "View".
Specify the following filters and parameters:
- Object UNC Path – Specify the path to your file share (example: "\\server\share")
- Disallowed Words – Specify the name of the file you want to search (example: "payroll")
Click "View Report".

To save the report, click the "Export" button → Select a format, such as PDF → Click "Save as" → Choose a location to save it.

Netwrix Auditor File Names Containing Sensitive Data: shows files with names that suggest they contain sensitive data

Find Your Sensitive Files — and Get Critical Details about Them, Too

To maintain security and compliance, IT pros need to regularly search for files that might contain sensitive data and that are stored in improper locations. One method is to find files manually using Windows Explorer. However, this approach takes a lot of time, so it is useful mainly when you need to check whether a single file exists. If you need to look for a set of sensitive files, you might want to automate the process with Microsoft PowerShell scripts to save time. For instance, the PowerShell script provided above will findall files that have “Payroll” in their name, and the Get-ChildItem -path command restricts the search to a specified folder and its subfolders.

Once you have a list of files that might contain sensitive data, you might want to move them to a secure location. However, the Windows PowerShell script you create to process the files will terminate with an error if either the input or output path is incorrect, so you might need to check if the files and folders still exist before you run your script. The Test-Path cmdlet will check whether a path (with or without a file name) is valid; it returns a value of true or false. The Pathtype parameter specifies the type of the final element in the path (Any, Container or Leaf). Additionally, you can narrow your results down using wildcards with the -Filter, -Exclude or -Include parameters instead of specifying a full filename.

Wouldn’t you rather just open a prebuilt report to check whether your sensitive data is stored only in proper locations, instead of spending all that time writing and running scripts? Try Netwrix Auditor for Windows File Servers. It’s easier — and you’ll get a lot more data. In addition to the object paths, you’ll see the file ownership details, the activity trail around the files and the user access permissions.

Previous How-to

How to Find Duplicate Files

Next How-to

How to Count Files in a Folder or a Directory